On Sat, Sep 04, 2010 at 01:41:41PM -0700, Steve Atkins allegedly wrote:
Do we have any thoughts on 1. how often keys might sensibly be
rotated and 2. how long public keys should remain visible after the
private key has been rotated out?
I believe the general thrust is that DKIM keys are ephemeral so no one
should rely on there long-term presence. Your verifying MTA should
annotate inbound mail appropriately so that subsequent reliance on the
public key is not needed. Authentication-Results header being a good
place to store what is needed here.
(I know you know this, Steve. I'm just setting the stage).
In that light, I would expect that a public key only needs to stay
around as long as an email can remain in-transit plus some
fudge. Maybe seven days or thereabouts?
Turning the question back to you. Is there any motive for removing
public keys rapidly apart from when they've been compromised? I can't
think of any obvious reason why you'd want to do this, so I'm curious
to hear of any use-cases you have in mind that warrant rapid removal.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html